svn commit: samba r16267 - in branches/SAMBA_3_0/source: lib utils

jra at samba.org jra at samba.org
Thu Jun 15 21:03:41 GMT 2006 

Author: jra
Date: 2006-06-15 21:03:40 +0000 (Thu, 15 Jun 2006)
New Revision: 16267

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16267

Log:
Fix Klocwork #401, #402 - ensure format specifier
limited. Fix memleak in printing gencache contents.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/lib/gencache.c
   branches/SAMBA_3_0/source/utils/net_cache.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/gencache.c
===================================================================
--- branches/SAMBA_3_0/source/lib/gencache.c	2006-06-15 21:03:39 UTC (rev 16266)
+++ branches/SAMBA_3_0/source/lib/gencache.c	2006-06-15 21:03:40 UTC (rev 16267)
@@ -28,6 +28,7 @@
 
 #define TIMEOUT_LEN 12
 #define CACHE_DATA_FMT	"%12u/%s"
+#define READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us"
 
 static TDB_CONTEXT *cache;
 
@@ -242,8 +243,9 @@
 	/* fail completely if get null pointers passed */
 	SMB_ASSERT(keystr);
 
-	if (!gencache_init())
+	if (!gencache_init()) {
 		return False;
+	}
 	
 	keybuf.dptr = SMB_STRDUP(keystr);
 	keybuf.dsize = strlen(keystr)+1;
@@ -256,13 +258,26 @@
 		time_t t;
 		unsigned u;
 		int status;
+		char *fmt;
 
-		v = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
-				
+		v = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN);
+		if (!v) {
+			return False;
+		}
+
 		SAFE_FREE(databuf.dptr);
-		status = sscanf(entry_buf, CACHE_DATA_FMT, &u, v);
+
+		asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN);
+		if (!fmt) {
+			SAFE_FREE(v);
+			return False;
+		}
+
+		status = sscanf(entry_buf, fmt, &u, v);
+		SAFE_FREE(fmt);
+
 		if ( status != 2 ) {
-		    DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status ));
+			DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status ));
 		}
 		t = u;
 		SAFE_FREE(entry_buf);
@@ -271,13 +286,15 @@
 			   "timeout = %s", t > time(NULL) ? "valid" :
 			   "expired", keystr, v, ctime(&t)));
 
-		if (valstr)
+		if (valstr) {
 			*valstr = v;
-		else
+		} else {
 			SAFE_FREE(v);
+		}
 
-		if (timeout)
+		if (timeout) {
 			*timeout = t;
+		}
 
 		return t > time(NULL);
 
@@ -285,17 +302,17 @@
 
 	SAFE_FREE(databuf.dptr);
 
-	if (valstr)
+	if (valstr) {
 		*valstr = NULL;
-	if (timeout)
+	}
+	if (timeout) {
 		timeout = NULL;
+	}
 
 	DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr));
-
 	return False;
 }
 
-
 /**
  * Iterate through all entries which key matches to specified pattern
  *
@@ -327,8 +344,13 @@
 	first_node = node;
 	
 	while (node) {
+		char *fmt;
+
 		/* ensure null termination of the key string */
 		keystr = SMB_STRNDUP(node->node_key.dptr, node->node_key.dsize);
+		if (!keystr) {
+			return;
+		}
 		
 		/* 
 		 * We don't use gencache_get function, because we need to iterate through
@@ -342,11 +364,33 @@
 			continue;
 		}
 		entry = SMB_STRNDUP(databuf.dptr, databuf.dsize);
+		if (!entry) {
+			SAFE_FREE(databuf.dptr);
+			SAFE_FREE(keystr);
+			return;
+		}
+
 		SAFE_FREE(databuf.dptr);
-		valstr = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
-		status = sscanf(entry, CACHE_DATA_FMT, &u, valstr);
+
+		valstr = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN);
+		if (!valstr) {
+			SAFE_FREE(entry);
+			SAFE_FREE(keystr);
+			return;
+		}
+
+		asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN);
+		if (!fmt) {
+			SAFE_FREE(valstr);
+			SAFE_FREE(entry);
+			SAFE_FREE(keystr);
+			return;
+		}
+		status = sscanf(entry, fmt, &u, valstr);
+		SAFE_FREE(fmt);
+
 		if ( status != 2 ) {
-		    DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status));
+			DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status));
 		}
 		timeout = u;
 		

Modified: branches/SAMBA_3_0/source/utils/net_cache.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_cache.c	2006-06-15 21:03:39 UTC (rev 16266)
+++ branches/SAMBA_3_0/source/utils/net_cache.c	2006-06-15 21:03:40 UTC (rev 16267)
@@ -38,6 +38,7 @@
                               const time_t timeout, void* dptr)
 {
 	char *timeout_str;
+	char *alloc_str = NULL;
 	time_t now_t = time(NULL);
 	struct tm timeout_tm, *now_tm;
 	/* localtime returns statically allocated pointer, so timeout_tm
@@ -64,12 +65,18 @@
 		}	
 		timeout_str[strlen(timeout_str) - 1] = '\0';	/* remove tailing CR */
 	} else {
-		asprintf(&timeout_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour,
+		asprintf(&alloc_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour,
 		         timeout_tm.tm_min, timeout_tm.tm_sec);
+		if (!alloc_str) {
+			return;
+		}
+		timeout_str = alloc_str;
 	}
 	
 	d_printf("Key: %s\t Timeout: %s\t Value: %s  %s\n", keystr,
 	         timeout_str, datastr, timeout > now_t ? "": "(expired)");
+
+	SAFE_FREE(alloc_str);
 }
 
 static void delete_cache_entry(const char* keystr, const char* datastr,

More information about the samba-cvs mailing list